Episode Details

Gifted hackers can access data from a government website, a hospital medical system, or even a car. Most are not aware when their personal information is stolen, sold, and used until it is too late.

Today's guest is Alissa Knight. Alissa is a recovering hacker of 20 years, a cyber security influencer, content creator, and the principal cyber security analyst at Alissa Knight and Associates. She is the author of the recently released book Hacking Connected Cars. Alissa has been quoted in articles by Brian Krebs and featured in numerous magazine articles including PC Magazine, Wired, and Forbes.

• [1:01] - Alissa shares how she started hacking at the age of 13 and she got caught hacking a government network. They came to arrest her at school.
• [2:27] - After this experience, Alissa later went on to own a few startups and sold them for millions of dollars.
• [3:44] - Alissa explains her combat training when owning a defense contracting company. She then transitioned back into cyber security.
• [5:10] - Her company shifted from defense contracting to private sector cyber security.
• [6:06] - While living in Germany, Alissa got into hacking connected cars.
• [7:07] - Although Alissa knows the risks of having connected technology, she is definitely a consumer of connected devices.
• [7:55] - We are seeing a fundamental change in cybersecurity because now it isn't just about information. It can literally be life or death.
• [9:02] - Alissa loves cinematography and combines her knowledge of hacking and content creation.
• [10:17] - Cybersecurity can be boring and uninteresting. Alissa states that she got tired of seeing the same white papers and changed it up to make it more interesting not just for her but for clients as well.
• [11:22] - Alissa references a book called Blue Ocean Strategy and summarizes its content in relation to her business model and content.
• [12:58] - "A lot of the content out there for security is told through the eyes of a blue team member. It's told through the eyes of the defender. Very rarely do we see content being told through the eyes of the adversary."
• [14:13] - Alissa describes what she wants people to see through her content.
• [15:58] - In Alissa's opinion, we need to relearn the concept of prevention.
• [17:27] - Chris points out that many mistakes are made when people think they have an impenetrable system. They become complacent.
• [18:20] - There are so many products out there right now that become very overwhelming and many don't know what to choose or buy.
• [19:17] - Alissa breaks down the categories of mHealth and describes how she was able to hack into them.
• [20:59] - When testing these systems through hacking, Alissa was shocked at how much information she was able to access about patients.
• [22:01] - Alissa explains the rule that CMS passed called FHIR.
• [24:36] - Describing the systems that hospital systems use, Alissa points out some issues with lack of security.
• [26:48] - Alissa shares a personal story about being diagnosed with cancer and the experience of getting an email with her medical data available through a mobile app.
• [29:21] - The average person is not digging deep to find where their information could have been published on the darkweb.
• [30:54] - Alissa explains the differences between what some providers can and cannot do with data.
• [31:41] - To explain a BOLA vulnerability, Alissa uses an easy to visualize analogy.
• [33:58] - Some of the problems in the APIs that Alissa is testing is insecure coding and programming. She lists how this can see patient health information in medical systems.
• [35:13] - Simply changing an ID slightly once it has been